Several security issues have been discovered in kdelibs, core librariesfrom the official KDE release. The Common Vulnerabilities and Exposuresproject identifies the following problems:

CVE-2009-1690

It was discovered that there is a use-after-free flaw in handlingcertain DOM event handlers. This could lead to the execution ofarbitrary code, when visiting a malicious website.

CVE-2009-1698

It was discovered that there could be an uninitialised pointer whenhandling a Cascading Style Sheets (CSS) attr function call. This couldlead to the execution of arbitrary code, when visiting a maliciouswebsite.

CVE-2009-1687

It was discovered that the JavaScript garbage collector does not handleallocation failures properly, which could lead to the execution ofarbitrary code when visiting a malicious website.

For the stable distribution (lenny), these problems have been fixed inversion 4:3.5.10.dfsg.1-0lenny2.

For the oldstable distribution (etch), these problems have been fixedin version 4:3.5.5a.dfsg.1-8etch2.

For the testing distribution (squeeze) and the unstable distribution(sid), these problems will be fixed soon.

We recommend that you upgrade your kdelibs packages.

Upgrade instructions- --------------------

wget url will fetch the file for youdpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line forsources.list as given below: